Multiple persistent input validation web vulnerabilities have been discovered in the official SevDesk v3.10 web-application & cloud online-service. The vulnerabilities are located in the `name` and `password` value of the `login` module. Remote attackers are able to inject own malicious script codes to the vulnerable application-side of the online service. The vulnerabilities are persistent and can be exploited by remote attackers without user interaction or privileged application user account.
The vulnerability is caused due to a certain value in a document, which can be exploited to corrupt memory via a specially crafted document. Successful exploitation may allow execution of arbitrary code.
A buffer overflow vulnerability exists in Oracle? Hyperion Smart View for Office Fusion Edition 11.1.2.3.000 Build 157 when a large value is entered into the 'Shared Connections URL' field in the 'Options' menu. This can be exploited by any Microsoft Office product such as Excel, Word, or PowerPoint. The output of the crash analyzed in the debugger is shown in the text.
This exploit is a privilege escalation vulnerability in Apport, a crash reporting system used in Ubuntu. It allows a local user to gain root privileges by exploiting a race condition in the Apport crash handler. The vulnerability is caused by a race condition between the setuid() and execve() system calls. The exploit creates a malicious Apport crash handler script, which is then executed by the Apport crash handler. The malicious script then creates a setuid root shell, which is then executed by the Apport crash handler.
This exploit is a denial of service vulnerability in Microsoft IIS web server. It is caused by a specially crafted HTTP request with a range header that specifies a very large range. This causes the server to crash and become unresponsive.
WordPress MiwoFTP Plugin 1.0.5 suffers from arbitrary file download vulnerability. An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable server in order to download any file from the server.
MS15-034 is a buffer overflow vulnerability in Microsoft Windows HTTP.sys which allows remote code execution. The vulnerability is caused by improper validation of the Range header in HTTP requests. An attacker can send a specially crafted HTTP request containing an overly long Range header to trigger a buffer overflow and execute arbitrary code.
MiwoFTP WP Plugin suffers from a cross-site request forgery remote code execution vulnerability. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions like executing arbitrary PHP code by uploading a malicious PHP script file, with administrative privileges, if a logged-in user visits a malicious web site.
MiwoFTP WP Plugin suffers from multiple cross-site request forgery and xss vulnerabilities. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Input passed to several GET/POST parameters is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Input passed to the 'selitems[]' parameter is not properly sanitised before being used to delete files. This can be exploited to delete files with the permissions of the web server using directory traversal sequences passed within the affected POST parameter.
Services By CQR